Description
SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.
References (3)
Core 3
Core References
Third Party Advisory
https://gist.github.com/Chiaki2333/f09b47a39e175932d8a2360e439194d5
Product
https://github.com/32ns/KLive
Scores
CVSS v3
7.5
EPSS
0.0006
EPSS Percentile
19.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
32ns/klive
< 2019-01-19
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026